API tools faq
paste
Guest User

Untitled

a guest
May 21st, 2018
87
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.82 KB | None | 0 0
raw download clone embed print report
  1. /*
  2. Name: ProcessInfo Class
  3. Author: Rik
  4. Description: Used to store process information
  5. */
  6.  
  7.  
  8.  
  9. #ifndef _PINFO_H_
  10. #define _PINFO_H_
  11.  
  12.  
  13. #include <string>
  14. #include <vector>
  15. #include <windows.h>
  16. #include <Tlhelp32.h>
  17. #include <cstdio>
  18.  
  19.  
  20. class ProcessInformation;
  21.  
  22. typedef std::vector<ProcessInformation> ProcessList;
  23.  
  24.  
  25. class ProcessInformation
  26. {
  27. public:
  28. ProcessInformation();
  29. ~ProcessInformation();
  30.  
  31. std::string GetProcessName();
  32. unsigned int GetProcessId();
  33.  
  34. friend bool GetProcessInformation(ProcessList&);
  35. private:
  36. std::string ProcessName;
  37. unsigned int uiProcessId;
  38. };
  39.  
  40. #endif
  41.  
  42.  
  43.  
  44. /*
  45. Name: ProcessInfo Class
  46. Author: Rik
  47. Description: Used to store process information
  48. */
  49.  
  50. #include "ProcessInfo.h"
  51.  
  52. #include <iostream>
  53. using namespace std;
  54.  
  55.  
  56. ProcessInformation::ProcessInformation()
  57. {
  58. #ifdef DEBUG
  59. printf("ProcessInformation Constructor called!\n");
  60. #endif
  61. this->uiProcessId = 0;
  62. }
  63.  
  64.  
  65. ProcessInformation::~ProcessInformation()
  66. {
  67. #ifdef DEBUG
  68. printf("ProcessInformation Destructor called!\n");
  69. #endif
  70. }
  71.  
  72.  
  73. unsigned int ProcessInformation::GetProcessId()
  74. {
  75. return this->uiProcessId;
  76. }
  77.  
  78.  
  79. std::string ProcessInformation::GetProcessName()
  80. {
  81. return this->ProcessName;
  82. }
  83.  
  84.  
  85.  
  86.  
  87.  
  88.  
  89.  
  90. bool GetProcessInformation(ProcessList &List)
  91. {
  92. ProcessInformation ProcInfo;
  93. HANDLE hProcSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
  94.  
  95. if( hProcSnapshot == INVALID_HANDLE_VALUE )
  96. {
  97. return false;
  98. }
  99.  
  100. PROCESSENTRY32 ProcessInfo;
  101. memset((LPPROCESSENTRY32)&ProcessInfo,0,sizeof(PROCESSENTRY32));
  102. ProcessInfo.dwSize = sizeof(PROCESSENTRY32);
  103.  
  104. if(!Process32First(hProcSnapshot,&ProcessInfo))
  105. {
  106. return false;
  107. }
  108.  
  109. do
  110. {
  111. ProcInfo.ProcessName = ProcessInfo.szExeFile;
  112. ProcInfo.uiProcessId = ProcessInfo.th32ProcessID;
  113. List.push_back(ProcInfo);
  114. } while( Process32Next(hProcSnapshot,&ProcessInfo) ) ;
  115.  
  116. return true;
  117. }
  118.  
  119.  
  120. /*
  121. Name: FuncMap functions
  122. Author: Rik
  123. Description: Used to map function names to addresses
  124. */
  125. #ifndef _FMAP_H_
  126. #define _FMAP_H_
  127.  
  128. #include <windows.h>
  129. #include <winnt.h>
  130. #include <map>
  131. #include <string>
  132.  
  133.  
  134. typedef std::map<std::string,unsigned int> FuncMap;
  135.  
  136. unsigned int MapExportedFunctionsFromLibrary(std::string LibraryName,FuncMap& FuncToAddr);
  137.  
  138.  
  139.  
  140. #endif
  141.  
  142.  
  143. /*
  144. Name: FuncMap functions
  145. Author: Rik
  146. Description: Used to map function names to addresses
  147. */
  148.  
  149. #include "FuncMap.h"
  150.  
  151. unsigned int MapExportedFunctionsFromLibrary(std::string LibraryName,FuncMap& FuncToAddr)
  152. {
  153. IMAGE_DOS_HEADER* pDosHeader;
  154. IMAGE_NT_HEADERS* pNTHeader;
  155. IMAGE_EXPORT_DIRECTORY* pExportDir;
  156.  
  157. HMODULE hMod = GetModuleHandle(LibraryName.c_str());
  158. if( !hMod ) return 0;
  159.  
  160. pDosHeader = (IMAGE_DOS_HEADER*)hMod;
  161. if( pDosHeader->e_magic != IMAGE_DOS_SIGNATURE ) return 0;
  162. pNTHeader = (IMAGE_NT_HEADERS*)((DWORD)pDosHeader + (DWORD)pDosHeader->e_lfanew);
  163.  
  164. pExportDir = (IMAGE_EXPORT_DIRECTORY*)((DWORD)pDosHeader+(DWORD) pNTHeader->OptionalHeader.DataDirectory
  165. [IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
  166.  
  167.  
  168. unsigned int* FuncNameAddr = (unsigned int*)((DWORD)hMod + pExportDir->AddressOfNames);
  169. unsigned int* FuncAddress = (unsigned int*) ((DWORD)hMod + pExportDir->AddressOfFunctions);
  170.  
  171. for(unsigned int x = 0; x < pExportDir->NumberOfFunctions;x++)
  172. {
  173. char* pFuncName =(char*)((DWORD)hMod + FuncNameAddr[x]);
  174. FuncToAddr[pFuncName] = ((DWORD)hMod + FuncAddress[x]);
  175. }
  176. return pExportDir->NumberOfFunctions;
  177.  
  178. }
  179.  
  180.  
  181.  
  182. /*
  183. Name: Serenity Detect
  184. Author: Rik
  185. Description: Finds and corrects Hooks in the Import Address Tables of executables
  186. */
  187.  
  188. #include <cstdlib>
  189. #include <iostream>
  190. #include <windows.h>
  191. #include <winsock2.h>
  192. #include <assert.h>
  193. #include "ProcessInfo.h"
  194. #include "FuncMap.h"
  195.  
  196. #define _DEBUG_
  197.  
  198. using namespace std;
  199.  
  200. // TYPEDEFS
  201.  
  202. typedef std::vector<std::string> DllList;
  203.  
  204. // GLOBALS
  205.  
  206. ProcessList ProcList; // Holds Process Names and Id's
  207.  
  208. FuncMap AddrOf; // Holds function names and the addresses of the functions
  209.  
  210. const char Library[] = "SerenityInject.dll";
  211. const unsigned int uiPort = 1337;
  212.  
  213. unsigned int uiLibSock = 0;
  214.  
  215. // FUNCTIONS
  216.  
  217. unsigned int __stdcall explode(string str,string delimiter,vector<string> &container);
  218. unsigned int __stdcall RecvModuleNames(int iSock,DllList& List);
  219. DWORD __stdcall AcceptThread(void* listening_socket);
  220.  
  221. int main(int argc, char *argv[])
  222. {
  223.  
  224. // Set Up Listening Socket
  225.  
  226. WSADATA Data;
  227. WSAStartup(MAKEWORD(2,0),&Data);
  228.  
  229. sockaddr_in Config;
  230. memset((sockaddr*)&Config,'\0',sizeof(Config));
  231.  
  232. Config.sin_family = AF_INET;
  233. Config.sin_port = htons(uiPort);
  234. Config.sin_addr.s_addr = inet_addr("127.0.0.1");
  235.  
  236. unsigned int uiListenSocket = socket(AF_INET,SOCK_STREAM,0);
  237.  
  238. if( bind(uiListenSocket,(sockaddr*)&Config,sizeof(Config)) != 0 )
  239. {
  240. cout<<"Bind failed with error: "<<WSAGetLastError()<<"!\n\n";
  241. system("pause");
  242. exit(1);
  243. }
  244.  
  245. if( listen( uiListenSocket,5 ) != 0 )
  246. {
  247. cout<<"Listen failed with error: "<<WSAGetLastError()<<"!\n\n";
  248. system("pause");
  249. exit(1);
  250. }
  251.  
  252. // Accept Thread
  253.  
  254. HANDLE AcceptThreadHandle = CreateThread(0,0,AcceptThread,(void*)&uiListenSocket,0,0);
  255.  
  256. //Get Process List
  257. bool ProcListRet = GetProcessInformation(ProcList);
  258. if( !ProcListRet )
  259. {
  260. cout<<"Failed to retrieve Process List!\n";
  261. system("pause");
  262. exit(0);
  263. }
  264. #ifdef _DEBUG_
  265. cout<<"GetProcessInformation called successfully!\n\n";
  266. #endif
  267.  
  268. // Print List to User
  269. int iIndex = 0;
  270. ProcessList::iterator pIter;
  271. for( pIter = ProcList.begin(); pIter != ProcList.end(); pIter++,iIndex++ )
  272. cout<<"["<<iIndex<<"] "<<pIter->GetProcessName()<<"\n\n";
  273.  
  274.  
  275. // Get Desired Process
  276. while( true )
  277. {
  278. cout<<"Process Index: ";
  279. cin>>iIndex;
  280. if( iIndex >= ProcList.size() )
  281. {
  282. cout<<"Index not valid!\n\n";
  283. continue;
  284. }
  285. break;
  286. }
  287.  
  288. // Open Handle to Desired Process
  289.  
  290. HANDLE hProcHandle = OpenProcess(PROCESS_ALL_ACCESS,false,ProcList[iIndex].GetProcessId());
  291.  
  292. if( !hProcHandle )
  293. {
  294. cout<<"Failed to open handle to "+ProcList[iIndex].GetProcessName()+" with error: ";
  295. cout<<GetLastError()<<"!\n\n";
  296. system("pause");
  297. exit(0);
  298. }
  299.  
  300.  
  301. // Write Name Of Library to Remote Process
  302.  
  303. void* pMemoryAddress = VirtualAllocEx(hProcHandle,0,strlen(Library)+1,MEM_COMMIT,PAGE_READWRITE);
  304. if( !pMemoryAddress )
  305. {
  306. cout<<"Failed to allocate memory in "+ProcList[iIndex].GetProcessName()+"\n\n";
  307. system("pause");
  308. exit(1);
  309. }
  310.  
  311. if( !WriteProcessMemory(hProcHandle,pMemoryAddress,Library,strlen(Library),NULL) )
  312. {
  313. cout<<"Failed to write to memory in "+ProcList[iIndex].GetProcessName()+"\n\n";
  314. system("pause");
  315. exit(1);
  316. }
  317.  
  318.  
  319.  
  320. // LoadLibrary in Remote Process
  321.  
  322. DWORD dwThreadId = 0;
  323. HANDLE RemoteThread = CreateRemoteThread(hProcHandle,
  324. 0,0,
  325. (LPTHREAD_START_ROUTINE)GetProcAddress(LoadLibrary("Kernel32.dll"),"LoadLibraryA"),
  326. pMemoryAddress,
  327. 0,&dwThreadId
  328. );
  329.  
  330. if( !RemoteThread )
  331. {
  332. cout<<"Failed to create remote process in "+ProcList[iIndex].GetProcessName()+"\n\n";
  333. system("pause");
  334. exit(1);
  335. }
  336. WaitForSingleObject(RemoteThread,INFINITE);
  337.  
  338. // Wait for connection from Serenity Inject DLL
  339. WaitForSingleObject(AcceptThreadHandle,INFINITE);
  340.  
  341. #ifdef _DEBUG_
  342. cout<<"Connection Established!\n\n";
  343. #endif
  344. // Connection established!
  345.  
  346. /*
  347. TODO: 1)Receive DLL Names from Serenity Inject DLL
  348. 2)MapExportedFunctionFromLib
  349. 3)Recv Function Addresses from DLL and compare
  350. */
  351.  
  352. DllList ModuleNames;
  353. RecvModuleNames(uiLibSock,ModuleNames);
  354.  
  355. // Output Module Names
  356.  
  357. DllList::iterator iter;
  358. for( iter = ModuleNames.begin(); iter != ModuleNames.end(); iter++ )
  359. {
  360. if( iter->length() > 1 ) cout<<*iter<<endl;
  361. }
  362.  
  363.  
  364. // Close all open handles and exit
  365.  
  366. #ifdef _DEBUG_
  367. assert(uiListenSocket != INVALID_SOCKET);
  368. assert(uiLibSock != INVALID_SOCKET);
  369. assert(hProcHandle != NULL);
  370. #endif
  371. CloseHandle( hProcHandle );
  372. closesocket(uiListenSocket);
  373. closesocket(uiLibSock);
  374.  
  375. system("pause");
  376. getchar();
  377. exit(0);
  378. }
  379.  
  380.  
  381.  
  382.  
  383.  
  384.  
  385. unsigned int __stdcall RecvModuleNames(int iSock,DllList& List)
  386. {
  387. int bytes_received = 0;
  388. char Buffer[256] = {0x00};
  389. string DllNames;
  390. while( bytes_received = recv(iSock,Buffer,256,0) )
  391. {
  392. if( bytes_received == -1 ) break;
  393. DllNames += Buffer;
  394. ZeroMemory(Buffer,256);
  395. }
  396. return explode(DllNames,"\n",List);
  397. }
  398.  
  399.  
  400.  
  401.  
  402. unsigned int explode(string str,string delimiter,vector<string> &container)
  403. {
  404. int iPosition = 0;
  405. int iLastPos = 0;
  406. while( (iPosition = str.find(delimiter,iLastPos)) != string::npos )
  407. {
  408. container.push_back(str.substr(iLastPos,iPosition-(iLastPos)));
  409. iLastPos = iPosition+delimiter.length();
  410. }
  411. container.push_back(str.substr(iLastPos));
  412. return container.size();
  413. }
  414.  
  415.  
  416.  
  417. DWORD __stdcall AcceptThread(void* listening_socket)
  418. {
  419. unsigned int* uiSock = (unsigned int*)listening_socket;
  420. uiLibSock = accept((*uiSock),0,0);
  421. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!